Windrey IT World is a start-up IT company that specializes in Website Design and Development, Mobile and Desktop Application Development, Programming, IT Consultancy, IT Training and Tutorials, Graphic Designs, and many more

6 Most Popular Methods for Cracking Passwords and Their Countermeasures

On a daily basis, we hear or receive complaints of accounts being hacked, information being stolen, privacy intrusions and many more, which shows that hackers use several methods to break into accounts and obtain personal information.

We have researched the most popular methods hackers use to get your password, and in this post we provide countermeasures to each of them.

NB: This post is not meant to teach you how to hack; it offers suggestions on how to prevent your password from being hacked.

Phishing

Phishing is the easiest and most popular method hackers use to get someone's account details. In a phishing attack, the hacker sends the victim a fake page of a real website such as Accessbank or Facebook. When someone logs in through that fake page, their details are automatically sent to the hacker. These fake pages can be easily created and hosted on free web-hosting sites.

Countermeasure: Phishing attacks are very easy to avoid. The URLs of these phishing pages are different from the real one. For example, the URL of a phishing page for Accessbank might look like Accesbank.com (as you can see, there is only one “s”). Always make sure that the website's URL is correct, and never follow an email link to enter account login details (especially for bank accounts).
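The URL check described above can be automated. The following is an added example, not code from the original post: it compares a link's hostname against a short allowlist and flags near-misses such as the one-“s” spelling. The allowlist entries, the function names and the distance threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; list the exact domains you really log in to.
TRUSTED_HOSTS = {"accessbank.com", "facebook.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_login_url(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a login link."""
    # .hostname ignores any "user@" prefix, so a link written as
    # https://accessbank.com@accesbank.com/ is judged by its real host.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "unknown"
    for trusted in TRUSTED_HOSTS:
        if host == trusted or host.endswith("." + trusted):
            return "trusted"
    # Compare only the last two labels (assumes two-label trusted domains).
    base = ".".join(host.split(".")[-2:])
    for trusted in sorted(TRUSTED_HOSTS):
        if edit_distance(base, trusted) <= max_distance:
            return "lookalike:" + trusted
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.accessbank.com/login",
                 "http://Accesbank.com/login",
                 "https://accessbank.com.evil.example/login"):
        print(link, "->", classify_login_url(link))
```

A "lookalike" result is the case to block or warn on; "unknown" only means the host is not on the allowlist.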

Brute-Force Attack

Any password can be cracked using a brute-force attack. A brute-force attack tries every possible combination of numbers, letters and special characters until one matches the correct password. Brute-force attacks can take a very long time; the cracking time is determined by the speed of the computer and the complexity of the password.

Countermeasure: Use long and complex passwords. Try to use a combination of upper- and lowercase letters along with numbers and possibly special characters. A brute-force attack will take hundreds or even thousands of years to crack such complex and long passwords.

Example: Passwords like “myrealname” or “mypassword” can be cracked easily, whereas a computer will take thousands of days to crack passwords like “Ya34lL!”

RATs and Keyloggers

In keylogging or RATing, the hacker sends a keylogger or RAT to the victim. A keylogger or RAT can be a piece of software or hardware that allows the hacker to monitor everything the victim does on his/her computer. Every keystroke is logged, including passwords and usernames. Moreover, hackers can even control the victim's computer to perform some remote functions.

Countermeasure: Never log in to your bank account from a cyber cafe or someone else's computer. If it is important, use an on-screen or virtual keyboard while typing the login details. Use the latest anti-virus software and keep it updated. And never install any file from the internet without properly scanning it and verifying the source.

Rainbow Table

A rainbow table is a huge pre-computed list of hashes for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm such as MD5 or SHA and is transformed into something which is not recognizable. Hashing is a one-way operation, so once a password is hashed there is no way to get the original string back from the hashed string. A very commonly used hashing algorithm for storing passwords in website databases is MD5. A rainbow table attack is almost the same as a dictionary attack; the only difference is that in a rainbow table attack hashed characters are used as passwords, whereas in a dictionary attack normal characters are used as passwords.

Countermeasure: Make sure you choose a password that is long and complex. Creating tables for long and complex passwords takes a very long time and a lot of resources.
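From the side of the website that stores the passwords, the following added example (not code from the original post) shows why unsalted MD5 is exposed to pre-computed tables and how a per-user salt with a slow key-derivation function removes that exposure. A plain lookup dictionary stands in for a rainbow table here, and the account names, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os


def md5_unsalted(password: str) -> str:
    """Weak storage: the same password always yields the same hash."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup(candidates):
    """Pre-computed hash -> password table, reusable against any unsalted MD5 store."""
    return {md5_unsalted(p): p for p in candidates}


def hash_salted(password: str, salt: bytes = None, iterations: int = 600_000):
    """Hardened storage: random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, derived


def verify_salted(password: str, record) -> bool:
    salt, iterations, derived = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived)  # constant-time comparison


def audit(users, table):
    """Store the same accounts both ways and report what a pre-computed table matches."""
    unsalted = {u: md5_unsalted(p) for u, p in users.items()}
    salted = {u: hash_salted(p) for u, p in users.items()}
    return {
        "unsalted_hits": sorted(u for u, h in unsalted.items() if h in table),
        "unsalted_distinct": len(set(unsalted.values())),
        "salted_hits": sorted(u for u, r in salted.items() if r[2].hex() in table),
        "salted_distinct": len({r[2] for r in salted.values()}),
    }


if __name__ == "__main__":
    # Constructed sample accounts; both users picked the same weak password.
    accounts = {"alice": "mypassword", "bob": "mypassword"}
    print(audit(accounts, build_lookup(["myrealname", "mypassword"])))
```

With salting, two users with the same password get different stored values, so a table built once cannot be reused across accounts or sites.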

Guessing

This looks silly, but it can easily help hackers get someone's password within seconds. If the hacker knows you, he can use information he knows about you to guess your password. A hacker can also use a combination of social engineering and guessing to acquire your password.

Countermeasure: Don't use your name, surname, phone number or date of birth as your password. Try to avoid creating a password that relates to you. Create a complex and long password with a combination of letters and numbers that has nothing to do with your personal information.

Social Engineering

Social engineering is the process of manipulating someone into trusting you in order to get information from them. For example, if the hacker was trying to get the password of a co-worker's or friend's computer, he could call him pretending to be from the IT department and simply ask for his login details. Sometimes, hackers call the victim pretending to be from the bank and ask for their credit card details. Social engineering can be used to get someone's password, bank credentials or any personal information.

Countermeasure: If someone tries to get your personal or bank details, refer them to check their database. If they are legit, they should have every detail they need without having to call you.